FTPS

FTPS (commonly referred to as FTP/SSL) is a name used to encompass a number of ways in which FTP software can perform secure file transfers. Each way involves the use of an SSL/TLS layer below the standard FTP protocol to encrypt the control and/or data channels. It should not be confused with either SSH file transfer protocol (SFTP), or FTP over SSH.

The most common uses of FTP and SSL are:

* "AUTH TLS", "Explicit FTPS" or "FTPES", named for the command issued to indicate that TLS security should be used. This is the preferred method according to RFC 4217. The client connects using clear text on port 21 and may negotiate a secure TLS connection during the FTP setup or at any time thereafter. The server may allow non-encrypted FTP should negotiation fail. If the control channel is unencrypted, any subsequent data channels must also be unencrypted; if the control channel is encrypted, the subsequent data channels may be in clear or encrypted. (This is a requirement of the "AUTH" mechanism defined under RFC 2228.) If the command channel is not encrypted, the protocol is said to be using a clear command channel (CCC). If the data channel is not encrypted, the protocol is said to be using a clear data channel (CDC). Encrypted data channels and encryption on the control channel can be set up and torn down by the client at any time.

* "Implicit FTPS" is an older, but still widely implemented, style in which the client connects to a different control port, and an SSL handshake is performed before any FTP commands are sent. The entire FTPS session is encrypted. Implicit FTPS does not allow for negotiation and the client should immediately challenge the FTPS Server with the TLS/SSL handshake. The Internet Assigned Numbers Authority (IANA) officially designates port 990 as the FTPS control channel port and port 989 as the FTPS data channel port.
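The channel states described for explicit FTPS can be checked against a client's command log. The following is an added example, not part of the original article: it assumes every logged command was accepted by the server, and it uses the RFC 4217 commands PBSZ and PROT (not named in the article) that set data-channel protection; user, password and file names are constructed.

```python
# Commands that open a data channel (constructed subset, not exhaustive).
TRANSFER = {"RETR", "STOR", "APPE", "STOU", "LIST", "NLST", "MLSD"}


def audit_session(commands):
    """Report where a client's FTP command log left a channel in clear text.

    Assumes every command in the log was accepted by the server.
    """
    control_tls = False   # True once AUTH TLS has secured the control channel
    data_private = False  # True while PROT P is in effect
    findings = []
    for raw in commands:
        verb, _, arg = raw.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH" and arg == "TLS":
            control_tls = True
            data_private = False  # RFC 4217: data protection starts as clear
        elif verb == "PROT":
            if control_tls:
                data_private = arg == "P"
            else:
                findings.append("PROT sent before AUTH TLS")
        elif verb == "CCC":
            control_tls = False
            findings.append("CCC: control channel reverted to clear text")
        elif verb in ("USER", "PASS") and not control_tls:
            findings.append(f"{verb} sent on clear control channel")
        elif verb in TRANSFER and not data_private:
            findings.append(f"{verb} over clear data channel")
    return findings


# Constructed sample logs (hypothetical user, password and file names).
PROTECTED = ["AUTH TLS", "USER demo", "PASS example", "PBSZ 0", "PROT P",
             "PASV", "RETR report.csv"]
CLEAR_DATA = ["AUTH TLS", "USER demo", "PASS example", "PASV",
              "STOR backup.tar"]
FALLBACK = ["USER demo", "PASS example", "PASV", "LIST"]

if __name__ == "__main__":
    for name, log in [("protected", PROTECTED), ("clear data", CLEAR_DATA),
                      ("fallback", FALLBACK)]:
        print(name, audit_session(log) or "no findings")
```

The second log is the clear data channel (CDC) case: credentials are protected, but the uploaded file is not.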

SSL Certificates

Much like HTTPS, but unlike SFTP, FTPS servers must provide a public key certificate. These certificates can be created using Unix tools such as OpenSSL's ssl-ca.

This certificate must be signed by a certificate authority, or the FTPS client will generate a warning stating that the certificate is not valid.

The firewall problem

Because FTP is a port-hopping protocol (i.e. data channels use a random port chosen during the communication), many firewalls are designed to understand FTP protocol messages to determine what secondary data connections they need to allow. However, if the control connection is encrypted using TLS/SSL (or any other method for that matter), the firewall is not able to get the port numbers of the data connections from the control connection (since it is encrypted and the firewall cannot decrypt it). Therefore, in many firewalled networks, clear FTP connections will work while FTPS connections will either completely fail or require the use of passive mode (assuming all ports >= 1024 to the server are unfiltered).
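The following added example (not part of the original article) shows what an FTP-aware firewall reads from the control channel, and why it learns nothing once AUTH TLS has been accepted. Addresses, replies and the stand-in ciphertext are constructed; the function names are hypothetical.

```python
import re

# A PORT command (active mode) and a 227 reply (passive mode) both carry the
# data endpoint as h1,h2,h3,h4,p1,p2 where the port is p1 * 256 + p2.
_ENDPOINT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    if not (line.startswith(b"PORT ") or line.startswith(b"227 ")):
        return None
    m = _ENDPOINT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def pinholes(control_stream):
    """Data endpoints a firewall helper can learn from raw control bytes."""
    found = []
    for line in control_stream.split(b"\r\n"):
        endpoint = parse_endpoint(line)
        if endpoint:
            found.append(endpoint)
    return found


# Constructed clear-text FTP control channel (documentation addresses).
CLEAR_FTP = (b"220 ready\r\nUSER demo\r\n331 Password required\r\n"
             b"PASV\r\n227 Entering Passive Mode (192,0,2,10,195,80)\r\n")

# Constructed explicit FTPS control channel: after the 234 reply everything
# is TLS records. The 32 bytes below stand in for ciphertext.
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(0x80, 0xA0))
EXPLICIT_FTPS = b"220 ready\r\nAUTH TLS\r\n234 Proceed\r\n" + TLS_RECORD * 3

if __name__ == "__main__":
    print("clear FTP:", pinholes(CLEAR_FTP))
    print("explicit FTPS:", pinholes(EXPLICIT_FTPS))
```

With no endpoint visible, the firewall has nothing to open dynamically, which is why FTPS deployments usually depend on passive mode and a permitted server port range.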

See also

* List of file transfer protocols
* Comparison of FTP client software
* List of FTP server software
* Secure copy (SCP)
* SSH file transfer protocol (SFTP)
* FTP (contains a section "FTP over SSH")
* List of TCP and UDP port numbers

External links

* RFC 4217 - Securing FTP with TLS
* Overview of FTPS, and lists of clients, servers, and proxies supporting FTPS: http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html


Wikimedia Foundation. 2010.
